Lecture 3. WPA and i

Size: px
Start display at page:

Download "Lecture 3. WPA and 802.11i"

Transcription

1 Lecture 3 WPA and i Lecture 3 WPA and i 1. Basic principles of i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication 1

2 Lecture 3 WPA and i 1. Basic principles of i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication What is i? Working Group IEEE Task Group.11b.11 a.11 g.11i New generation of security 2

3 IEEE i and WPA Robust Security Network (RSN) WEP IEEE i and WPA Robust Security Network (RSN) Wi-Fi Protected Access (WPA) WEP 3

4 IEEE i and WPA Robust Security Network (RSN) Wi-Fi Protected Access (WPA) Wi-Fi Alliance WEP IEEE i and WPA (cont) Share a common architecture (RSN architecture) WPA focus on TKIP and RADIUS i more flexible AES and TKIP RADIUS as one option 4

5 Security Layers Authentication Client Authentication Layer Authentication Server Corprate Network Operating System Access Control Layer (Access Control) Supplicant Wireless LAN Access Point Wireless LAN Mobile Device Wireless LAN Layer RSN Architecture Authentication Client High layer authentication (TLS, Kerberos, etc.) RADIUS Authentication Layer Authentication Server Operating System Supplicant 802.1X (Access Control) Access Control Layer Wireless LAN Wireless LAN Wireless LAN Layer Mobile Device Access Point 5

6 Transport Layer Security (TLS) RFC2246 Based on Secure Socket Layer (SSL) which is widely used for protecting Web applications Public key based authentication Produce a 48-byte master key TLS Layers Application Application TLS Handshake protocol TLS Handshake protocol TLS Record Protocol TLS Record Protocol TCP/IP TCP/IP Network Hardware Network Hardware 6

7 TLS Message Exchange Client Hello!! Server Hello!!! Server Certificate Client Certificate Request Server Done Client Certificate Client Key Exchange Certificate Verify Change Connection State Finished Change Connection State Finished RSN Keys Pairwise key Key =DEF X Y Z Key = GHI Key = JKL Group key Key X = DEF Key Y = GHI Key Z = JKL X Y Z Key = ABC Key = ABC Key = ABC Key = ABC 7

8 Pairwise Key Hierarchy Pairwise Master Key (PMK) From upper-layer authentication or a pre-shared key Data Encryption key Data Integrity key Pairwise Transient Key (PTK) EAPOL-Key Encryption Key EAPOL-Key Integrity key Main Standards in an RSN Solution Based on TLS Mobile Device Access Point Authentication Server X EAPOL EAP RFC 2284 TLS Over EAP RFC 2716 TLS RFC 2246 EAP over RADIUS RCF 2869 RADIUS RFC 2865 TCP/IP (or other) 8

9 Organization of Dial-in Network Authentication Server RADIUS NAS Modem s PPP User User Point of Presence User Authentication of Dial-in Users PAP (Password Authentication Protocol) user name and password sent in cleartext CHAP (Challenge Handshake Authentication Protocol) challenge/response scheme 9

10 Authentication of Dial-in Users PAP (Password Authentication Protocol) user name and password sent in cleartext CHAP (Challenge Handshake Authentication Protocol) challenge/response scheme EAP (Extensible Authentication Protocol) allow different authentication methods Lecture 3 WPA and i 1. Basic principles of i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication 10

11 IEEE 802.1X Port Based Access Control Port: the point at which a device connects to the network - physical port (e.g. each connector of Ethernet switch) - logical port (e.g association) Authentication between device and network Access control based on authentication result Role of IEEE 802.1X Supplicant Ethernet Hub Input Port Requesting Device Supplicant Output Port Initial State of IEEE 802.1X Switched LAN Hub 11

12 Role of IEEE 802.1X Ethernet Hub Input Port 0 Supplicant Connected Device Output Port Role of Authentication Server Output Port Authentication Server Ethernet Hub Input Ports Supplicant Connected Device Supplicant Requesting Device 3 12

13 RADIO MAC IEEE 802.1X Model Supplicant System System Authentication System Server Supplicant PAE Service offered by 's System PAE port unauthorized EAP protocol exchanges carried in higher layer protocol Authentication Server LAN Logical IEEE 802.1X Ports in Access Point Wireless Device Network Access Wireless Device Access Point 13

14 Lecture 3 WPA and i 1. Basic principles of i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication Extensible Authentication Protocol (EAP) RFC2284 Allow multiple authentication methods No security itself 14

15 EAP Message Format Code Identifier Length Data 01: Request 02: Response 03: Success 04: Failure EAP Request/Response Message Code Identifier Length Type Req/Rsp Data 1: Identity 2: Notificaiton 3: NAK 13: TLS 15

16 8 EPA Message Flow Start Request Identity Supplicant Response Identity Request 1 Response 1... Request n Response Identity Request 1 Response 1... Request n Authentication Server Response n Response n Success Success EAP TLS Handshake Client Server EPA Response Identity EAP TLS : Hello!! EAP TLS : (Client Certificate) Client Key Exchange (Certificate Verification) Change Cipher Finished EAP TLS (empty) EAP Request Identity EAP TLS (start) EAP TLS : Hello!! TLS Certificate Client Certificate Request Server Done EAP TLS : Change Cipher Finished 9 EPA - Success 16

17 EAP Over LAN (EAPOL) Ethernet MAC Header Protocol Version Packet Type Packet Body Length Packet Body EAPOL-Start EAPOL-Key EAPOL-Packet EAPOL-Logoff EAPOL-Encapsulated-ASF-Alert Lecture 3 WPA and i 1. Basic principles of i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication 17

18 Remote Access Dial-In User Service (RADIUS) RFC2865 Authentication, Authorization and Accounting (AAA) protocol RADIUS server and client share a secret key Basic Format of RADIUS Message Code Identifiers Length Attributes... 1: Access-Request 2: Access-Accept 3: Access-Reject 11: Access-Challenge 18

19 PAP Operation RADIUS Server NAS Dial-up User Access Request (PAP) Access Accept User name / password OK CHAP Operation RADIUS Server NAS Dial-up User User name / password Challenge Access Request (CHAP) Access Accept Response OK 19

20 EAP over RADIUS RFC2869 EAP Request inside RADIUS Access-Challenge EAP Response inside RADIUS Access-Request Authentication Exchange using EAP over RADIUS Client Device Access Point (NAS) RADIUS Server EAPOL Start EAP Start (Req) Identity (Req) Identity Identity Identity -User name Request Request Success Success Encapsulated in EAPOL Encapsulated in RADIUS 20

21 Mobile device i Example Access point Authentication server TLS/EAP/EAPOL TLS/EAP/RADIUS Mobile device and Authentication Server authenticate each other generate Pairwise Master Key (PMK) Authentication server send PMK to Access Point EAPOL-Key Mobile device and Access Point authenticate each other Derive Pairwise Transient Keys (PTKs) from PMK User data protected with PTKs Lecture 3 WPA and i 1. Basic principles of i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication 21

22 Why handover authentication? Access Point Authorised mobile radio link Wired fixed network Impostor Handover authentication has to be efficient Frequent handover due to user movement Physical constraints of wireless device Lower bandwidth than wired counterparts Limited computational power Limited storage space User expectation of seamless mobility 22

23 Approaches to Efficient Handover Authentication Reuse of security association - No explicit authentication at handover Token based - Use token to convey trust Security context transfer Context Transfer Protocol Transfer security context, QoS and other state information between edge mobility devices Avoid repeated context establishment Facilitate seamless mobility 23

24 802.11f - Inter Access Point Protocol (IAPP) Specify necessary info to be exchanged between access points to support DS Achieve multi-vendor access point interoperability Facilitate fast handover Lecture 3 WPA and i 1. Basic principles of i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication 24

25 Questions 25

CS 356 Lecture 29 Wireless Security. Spring 2013

CS 356 Lecture 29 Wireless Security. Spring 2013 CS 356 Lecture 29 Wireless Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter

More information

UNIVERZITA KOMENSKÉHO V BRATISLAVE FAKULTA MATEMATIKY, FYZIKY A INFORMATIKY PRÍPRAVA ŠTÚDIA MATEMATIKY A INFORMATIKY NA FMFI UK V ANGLICKOM JAZYKU

UNIVERZITA KOMENSKÉHO V BRATISLAVE FAKULTA MATEMATIKY, FYZIKY A INFORMATIKY PRÍPRAVA ŠTÚDIA MATEMATIKY A INFORMATIKY NA FMFI UK V ANGLICKOM JAZYKU UNIVERZITA KOMENSKÉHO V BRATISLAVE FAKULTA MATEMATIKY, FYZIKY A INFORMATIKY PRÍPRAVA ŠTÚDIA MATEMATIKY A INFORMATIKY NA FMFI UK V ANGLICKOM JAZYKU ITMS: 26140230008 DOPYTOVO ORIENTOVANÝ PROJEKT Moderné

More information

White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points. http://www.veryxtech.com

White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points. http://www.veryxtech.com White paper Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points http://www.veryxtech.com White Paper Abstract Background The vulnerabilities spotted in the Wired Equivalent Privacy (WEP) algorithm

More information

WiFi Security: WEP, WPA, and WPA2

WiFi Security: WEP, WPA, and WPA2 WiFi Security: WEP, WPA, and WPA2 - security requirements in wireless networks - WiFi primer - WEP and its flaws - 802.11i - WPA and WPA2 (RSN) Why security is more of a concern in wireless? no inherent

More information

Wireless security. Any station within range of the RF receives data Two security mechanism

Wireless security. Any station within range of the RF receives data Two security mechanism 802.11 Security Wireless security Any station within range of the RF receives data Two security mechanism A means to decide who or what can use a WLAN authentication A means to provide privacy for the

More information

UNIK4250 Security in Distributed Systems University of Oslo Spring 2012. Part 7 Wireless Network Security

UNIK4250 Security in Distributed Systems University of Oslo Spring 2012. Part 7 Wireless Network Security UNIK4250 Security in Distributed Systems University of Oslo Spring 2012 Part 7 Wireless Network Security IEEE 802.11 IEEE 802 committee for LAN standards IEEE 802.11 formed in 1990 s charter to develop

More information

Network security, TKK, Nov 2008 1

Network security, TKK, Nov 2008 1 Outline Network security: WLAN Security LAN technology Threats against WLANs Weak security mechanisms and WEP 802.1X, WPA, 802.11i Tuomas Aura, Microsoft Research, UK 2 LAN technology LAN (WLAN) standards

More information

freeradius A High Performance, Open Source, Pluggable, Scalable (but somewhat complex) RADIUS Server Aurélien Geron, Wifirst, January 7th 2011

freeradius A High Performance, Open Source, Pluggable, Scalable (but somewhat complex) RADIUS Server Aurélien Geron, Wifirst, January 7th 2011 freeradius A High Performance, Open Source, Pluggable, Scalable (but somewhat complex) RADIUS Server Aurélien Geron, Wifirst, January 7th 2011 freeradius is... Multiple protocoles : RADIUS, EAP... An Open-Source

More information

Symm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2

Symm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2 Wi-Fi Security FEUP>MIEIC>Mobile Communications Jaime Dias Symmetric cryptography Ex: RC4, AES 2 Digest (hash) Cryptography Input: variable length message Output: a fixed-length bit

More information

The 802.1x specification

The 802.1x specification The 802.1x specification Fulvio Risso Politecnico di Torino Based on an existing presentation of Piero Nicoletti 1 IEEE 802.1x Port-Based Network Access Control Use physical access characteristics of IEEE

More information

Wi-Fi Protected Access for Protection and Automation

Wi-Fi Protected Access for Protection and Automation Wi-Fi Protected Access for Protection and Automation Key Material Authentication Key Presented to: 13 December 2006 Dennis K. Holstein on behalf of CIGRE B5.22 1 The good news and the bad news Who is CIGRE

More information

EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2)

EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2) EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2) Moffat Mathews, Ray Hunt Department of Computer Science and Software Engineering, University of Canterbury, New Zealand {ray.hunt@canterbury.ac.nz}

More information

802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com

802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security (WEP, WPA\WPA2) 19/05/2009 Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security Standard: WEP Wired Equivalent Privacy The packets are encrypted, before sent, with a Secret Key

More information

A Dynamic Extensible Authentication Protocol for Device Authentication in Transport Layer Raghavendra.K 1, G. Raghu 2, Sumith N 2

A Dynamic Extensible Authentication Protocol for Device Authentication in Transport Layer Raghavendra.K 1, G. Raghu 2, Sumith N 2 A Dynamic Extensible Authentication Protocol for Device Authentication in Transport Layer Raghavendra.K 1, G. Raghu 2, Sumith N 2 1 Dept of CSE, P.A.College of Engineering 2 Dept of CSE, Srnivas institute

More information

Certified Wireless Security Professional (CWSP) Course Overview

Certified Wireless Security Professional (CWSP) Course Overview Certified Wireless Security Professional (CWSP) Course Overview This course will teach students about Legacy Security, encryption ciphers and methods, 802.11 authentication methods, dynamic encryption

More information

WLAN security. Contents

WLAN security. Contents Contents WEP (Wired Equivalent Privacy) No key management Authentication methods Encryption and integrity checking WPA (WiFi Protected Access) IEEE 802.1X authentication framework Practical example using

More information

Network Security: WLAN Security. Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010

Network Security: WLAN Security. Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Network Security: WLAN Security Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline Wireless LAN technology Threats against WLANs Weak security mechanisms and WEP 802.1X, WPA,

More information

Wi-Fi Protected Access for Protection and Automation

Wi-Fi Protected Access for Protection and Automation Wi-Fi Protected Access for Protection and Automation a work in progress by CIGRE Working Group B5.22 Dennis K. Holstein on behalf of CIGRE B5.22 This is an interactive discussion Who is CIGRE B5.22 What

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

Chapter 6 CDMA/802.11i

Chapter 6 CDMA/802.11i Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example Table of Contents Wi Fi Protected Access 2 (WPA 2) Configuration Example...1 Document ID: 67134...1 Introduction...1 Prerequisites...1 Requirements...1 Components Used...2 Conventions...2 Background Information...2

More information

Wireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2)

Wireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2) Wireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2) SUNY Technology Conference June 21, 2011 Bill Kramp FLCC Network Administrator Copyright 2011 William D. Kramp All Rights

More information

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions

More information

Wireless Security. New Standards for 802.11 Encryption and Authentication. Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.

Wireless Security. New Standards for 802.11 Encryption and Authentication. Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas. Wireless Security New Standards for 802.11 Encryption and Authentication Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.com National Conference on m-health and EOE Minneapolis, MN Sept 9, 2003 Key

More information

Lecture 24 Wireless Network Security. modified from slides of Lawrie Brown

Lecture 24 Wireless Network Security. modified from slides of Lawrie Brown Lecture 24 Wireless Network Security modified from slides of Lawrie Brown Wireless Security Overview concerns for wireless security are similar to those found in a wired environment security requirements

More information

Authentication in WLAN

Authentication in WLAN Authentication in WLAN Flaws in WEP (Wired Equivalent Privacy) Wi-Fi Protected Access (WPA) Based on draft 3 of the IEEE 802.11i. Provides stronger data encryption and user authentication (largely missing

More information

WLAN Access Security Technical White Paper. Issue 02. Date 2012-09-24 HUAWEI TECHNOLOGIES CO., LTD.

WLAN Access Security Technical White Paper. Issue 02. Date 2012-09-24 HUAWEI TECHNOLOGIES CO., LTD. WLAN Access Security Technical White Paper Issue 02 Date 2012-09-24 HUAWEI TECHNOLOGIES CO., LTD. . 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by

More information

Lecture 4b AAA protocols (Authentication Authorization Accounting)

Lecture 4b AAA protocols (Authentication Authorization Accounting) Lecture 4b AAA protocols (Authentication Authorization Accounting) Network security (19265400 / 201000086) Lecturers: Aiko Pras Pieter-Tjerk de Boer Anna Sperotto Ramin Sadre Georgios Karagiannis Lecture

More information

The following chart provides the breakdown of exam as to the weight of each section of the exam.

The following chart provides the breakdown of exam as to the weight of each section of the exam. Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those

More information

CS549: Cryptography and Network Security

CS549: Cryptography and Network Security CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared

More information

Chapter 2, Port-Based Authentication Concepts

Chapter 2, Port-Based Authentication Concepts Chapter 2, Port-Based Authentication Concepts Author: Jim Geier Principal Consultant, Wireless-Nets, Ltd. Email: jimgeier@wireless-nets.com This chapter is a sample from the book Implementing 802.1x Security

More information

1. Scope and objectives. 2 Introduction IEEE GPP TSG SA WG3 Security S July 9 July 12, 2002 Helsinki, Finland

1. Scope and objectives. 2 Introduction IEEE GPP TSG SA WG3 Security S July 9 July 12, 2002 Helsinki, Finland TSG SA WG3 Security S3-020341 July 9 July 12, 2002 Helsinki, Finland Agenda Item: 7.9 Source: Ericsson Title: Introduction of IEEE 802.11 Security Document for: Discussion 1. Scope and objectives This

More information

IEEE 802.1X Overview. Port Based Network Access Control

IEEE 802.1X Overview. Port Based Network Access Control IEEE 802.1X Overview Port Based Network Access Control 802.1X Motivation and History Increased use of 802 LANs in public and semi-public places Desire to provide a mechanism to associate end-user identity

More information

Chapter 10 Security Protocols of the Data Link Layer

Chapter 10 Security Protocols of the Data Link Layer Chapter 10 Security Protocols of the Data Link Layer IEEE 802.1x Point-to-Point Protocol (PPP) Point-to-Point Tunneling Protocol (PPTP) [NetSec], WS 2006/2007 10.1 Scope of Link Layer Security Protocols

More information

WLAN Security. WLAN Security Standards WEP IEEE 802.1x Wi-Fi Protected Access (WPA) i Layered Security for Wireless Networks

WLAN Security. WLAN Security Standards WEP IEEE 802.1x Wi-Fi Protected Access (WPA) i Layered Security for Wireless Networks TECHNISCHE UNIVERSITÄT ILMENAU WLAN Security Integrated Hard- and Software Systems http://www.tu-ilmenau.de/ihs WLAN Security Standards WEP IEEE 802.1x Wi-Fi Protected Access (WPA) 802.11i Layered Security

More information

WLAN Security. Giwhan Cho ghcho@dcs.chonbuk.ac.kr. Distributed/Mobile Computing System Lab. Chonbuk National University

WLAN Security. Giwhan Cho ghcho@dcs.chonbuk.ac.kr. Distributed/Mobile Computing System Lab. Chonbuk National University WLAN Security Giwhan Cho ghcho@dcs.chonbuk.ac.kr Distributed/Mobile Computing System Lab. Chonbuk National University Content WLAN security overview 802.11i WLAN security components pre-rsn (Robust Security

More information

CS 336/536 Computer Network Security. Summer Term 2010. Wi-Fi Protected Access (WPA) compiled by Anthony Barnard

CS 336/536 Computer Network Security. Summer Term 2010. Wi-Fi Protected Access (WPA) compiled by Anthony Barnard CS 336/536 Computer Network Security Summer Term 2010 Wi-Fi Protected Access (WPA) compiled by Anthony Barnard 2 Wi-Fi Protected Access (WPA) These notes, intended to follow the previous handout IEEE802.11

More information

Executive Summary. This white paper includes the following sections: A.What Does 802.1x Do? B. An Overview of the 802.1x Standard

Executive Summary. This white paper includes the following sections: A.What Does 802.1x Do? B. An Overview of the 802.1x Standard Allied Telesis White Paper 802.1x White Paper Executive Summary Security and flexibility are often seen as mutually exclusive requirements in a network, yet both are equally important. Security is crucial

More information

Wireless Technology Seminar

Wireless Technology Seminar Wireless Technology Seminar Introduction Adam Worthington Network Consultant Adam.Worthington@euroele.com Wireless LAN Why? Flexible network access for your users? Guest internet access? VoWIP? RFID? Available

More information

WiFi Security: Deploying WPA/WPA2/802.1X and EAP in the Enterprise

WiFi Security: Deploying WPA/WPA2/802.1X and EAP in the Enterprise Michael Disabato Service Director Network & Telecom Strategies mdisabato@burtongroup.com Diana Kelley Senior Analyst Security & Risk Management Strategies dkelley@burtongroup.com www.burtongroup.com WiFi

More information

Attacks Due to Flaw of Protocols Used In Network Access Control (NAC), Their Solutions and Issues: A Survey

Attacks Due to Flaw of Protocols Used In Network Access Control (NAC), Their Solutions and Issues: A Survey I. J. Computer Network and Information Security, 2012, 3, 31-46 Published Online April 2012 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijcnis.2012.03.05 Attacks Due to Flaw of Protocols Used In

More information

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication WLAN Security WEP Overview 1/2 WEP, Wired Equivalent Privacy Introduced in 1999 to provide confidentiality, authentication and integrity Includes weak authentication Shared key Open key (the client will

More information

Network Access Control and Cloud Security

Network Access Control and Cloud Security Network Access Control and Cloud Security Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security fs@wpi.edu

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security fs@wpi.edu Introduction to WiFi Security Frank Sweetser WPI Network Operations and Security fs@wpi.edu Why should I care? Or, more formally what are the risks? Unauthorized connections Stealing bandwidth Attacks

More information

Security in IEEE 802.11 WLANs

Security in IEEE 802.11 WLANs Security in IEEE 802.11 WLANs 1 IEEE 802.11 Architecture Extended Service Set (ESS) Distribution System LAN Segment AP 3 AP 1 AP 2 MS MS Basic Service Set (BSS) Courtesy: Prashant Krishnamurthy, Univ Pittsburgh

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

Wireless Local Area Network Security Obscurity Through Security

Wireless Local Area Network Security Obscurity Through Security Wireless Local Area Network Security Obscurity Through Security Abstract Since the deployment of infamous Wired Equivalent Privacy (WEP), IEEE and vendors have developed a number of good security mechanisms

More information

S Series Switches. NAC Technology White Paper. Issue 01. Date HUAWEI TECHNOLOGIES CO., LTD.

S Series Switches. NAC Technology White Paper. Issue 01. Date HUAWEI TECHNOLOGIES CO., LTD. Issue 01 Date 2013-05-25 HUAWEI TECHNOLOGIES CO., LTD. 2013. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of

More information

layer specifications for 1- and 2-megabit-per-second (Mbps) wireless LANs operating in the 2.4-GHz band.

layer specifications for 1- and 2-megabit-per-second (Mbps) wireless LANs operating in the 2.4-GHz band. GLOSSARY 802.11 The IEEE standard that specifies carrier sense media access control and physical layer specifications for 1- and 2-megabit-per-second (Mbps) wireless LANs operating in the 2.4-GHz band.

More information

Chapter 2 Wireless Networking Basics

Chapter 2 Wireless Networking Basics Chapter 2 Wireless Networking Basics Wireless Networking Overview Some NETGEAR products conform to the Institute of Electrical and Electronics Engineers (IEEE) 802.11g standard for wireless LANs (WLANs).

More information

Network Access Control and Cloud Security

Network Access Control and Cloud Security Network Access Control and Cloud Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

Authentication and Encryption in EPON

Authentication and Encryption in EPON Authentication and Encryption in EPON Ken Murakami: Mitsubishi Electric Supporters Yukio Fujimoto: NTT Osamu Yoshihara: NTT July 2002 IEEE802.3ah EFM Task Force 1 Purpose of Authentication Users without

More information

Chapter 6 - EAP Authentication

Chapter 6 - EAP Authentication Chapter 6 - EAP Authentication This chapter describes using Extensible Authentication Protocol with FreeRADIUS. The following topics are discussed in this chapter: EAP Overview Types/Methods Testing with

More information

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer Other VPNs TLS/SSL, PPTP, L2TP Advanced Computer Networks SS2005 Jürgen Häuselhofer Overview Introduction to VPNs Why using VPNs What are VPNs VPN technologies... TLS/SSL Layer 2 VPNs (PPTP, L2TP, L2TP/IPSec)

More information

Chapter 4: Security of the architecture, and lower layer security (network security) 1

Chapter 4: Security of the architecture, and lower layer security (network security) 1 Chapter 4: Security of the architecture, and lower layer security (network security) 1 Outline Security of the architecture Access control Lower layer security Data link layer VPN access Wireless access

More information

Authentication and Security in IP based Multi Hop Networks

Authentication and Security in IP based Multi Hop Networks 7TH WWRF MEETING IN EINDHOVEN, THE NETHERLANDS 3RD - 4TH DECEMBER 2002 1 Authentication and Security in IP based Multi Hop Networks Frank Fitzek, Andreas Köpsel, Patrick Seeling Abstract Network security

More information

chap18.wireless Network Security

chap18.wireless Network Security SeoulTech UCS Lab 2015-1 st chap18.wireless Network Security JeongKyu Lee Email: jungkyu21@seoultech.ac.kr Table of Contents 18.1 Wireless Security 18.2 Mobile Device Security 18.3 IEEE 802.11 Wireless

More information

Extensible Authentication Protocol (EAP) Security Issues

Extensible Authentication Protocol (EAP) Security Issues Sotillo ECU 1 Extensible Authentication Protocol (EAP) Security Issues Samuel Sotillo, Dept. of Technology Systems, East Carolina University Abstract This document describes the Extensible Authentication

More information

WIRELESS SECURITY IN 802.11 (WI-FI ) NETWORKS

WIRELESS SECURITY IN 802.11 (WI-FI ) NETWORKS January 2003 January WHITE 2003 PAPER WIRELESS SECURITY IN 802.11 (WI-FI ) NETWORKS With the increasing deployment of 802.11 (or Wi-Fi) wireless networks in business environments, IT organizations are

More information

Wireless Authentication and Encryption: A Primer

Wireless Authentication and Encryption: A Primer Wireless Vulnerability Management Wireless Authentication and Encryption: A Primer Presented by: Hemant Chaskar, PhD Director of Technology AirTight Networks 2008 AirTight Networks, Inc. All Rights Reserved.

More information

Belnet Networking Conference 2013

Belnet Networking Conference 2013 Belnet Networking Conference 2013 Thursday 12 December 2013 @ http://events.belnet.be Workshop roaming services: eduroam / govroam Belnet Aris Adamantiadis, Nicolas Loriau Bruxelles 05 December 2013 Agenda

More information

Authentication, Authorization and Accounting (AAA) Protocols

Authentication, Authorization and Accounting (AAA) Protocols Authentication, Authorization and Accounting (AAA) Protocols Agententechnologien in der Telekommunikation Sommersemester 2009 Babak Shafieian babak.shafieian@dai-labor.de 10.06.2009 Agententechnologien

More information

Configure Workgroup Bridge on the WAP351

Configure Workgroup Bridge on the WAP351 Article ID: 5047 Configure Workgroup Bridge on the WAP351 Objective The Workgroup Bridge feature enables the Wireless Access Point (WAP) to bridge traffic between a remote client and the wireless LAN that

More information

Wireless LAN Security with 802.1x, EAP-TLS, and PEAP. Steve Riley Senior Consultant MCS Trustworthy Computing Services

Wireless LAN Security with 802.1x, EAP-TLS, and PEAP. Steve Riley Senior Consultant MCS Trustworthy Computing Services Wireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley Senior Consultant MCS Trustworthy Computing Services So what s the problem? WEP is a euphemism Wired Equivalent Privacy Actually, it s a

More information

Data Link Protocols. TCP/IP Suite and OSI Reference Model

Data Link Protocols. TCP/IP Suite and OSI Reference Model Data Link Protocols Relates to Lab. This module covers data link layer issues, such as local area networks (LANs) and point-to-point links, Ethernet, and the Point-to-Point Protocol (PPP). 1 TCP/IP Suite

More information

Application Note: Onsight Device VPN Configuration V1.1

Application Note: Onsight Device VPN Configuration V1.1 Application Note: Onsight Device VPN Configuration V1.1 Table of Contents OVERVIEW 2 1 SUPPORTED VPN TYPES 2 1.1 OD VPN CLIENT 2 1.2 SUPPORTED PROTOCOLS AND CONFIGURATION 2 2 OD VPN CONFIGURATION 2 2.1

More information

802.11b Wireless LAN Authentication, Encryption, and Security

802.11b Wireless LAN Authentication, Encryption, and Security 802.11b Wireless LAN Authentication, Encryption, and Security Young Kim ELEN 6951 1. Abstract With the rapid growth of wireless local area network, security has been the number one concern in this arena

More information

WLAN - Good Security Principles. WLAN - Good Security Principles. Example of War Driving in Hong Kong* WLAN - Good Security Principles

WLAN - Good Security Principles. WLAN - Good Security Principles. Example of War Driving in Hong Kong* WLAN - Good Security Principles WLAN Security.. from this... Security Architectures and Protocols in Wireless LANs (Section 3) 1 2 WLAN Security.. to this... How Security Breaches Occur 3 War (wide area roaming) Driving/War Chalking

More information

Computer Networks. Secure Systems

Computer Networks. Secure Systems Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to

More information

White Paper. Wireless LAN Security. Copyright Madge Limited. All rights reserved.

White Paper. Wireless LAN Security. Copyright Madge Limited. All rights reserved. White Paper Wireless LAN Security Copyright 2002-2003 Madge Limited. All rights reserved. 1 Introduction As wireless LANs become widely deployed, and the business benefits become clear, concern has grown

More information

Distributed Systems Security

Distributed Systems Security Distributed Systems Security Protocols (Physical/Data-Link Layer) Dr. Dennis Pfisterer Institut für Telematik, Universität zu Lübeck http://www.itm.uni-luebeck.de/people/pfisterer Overview Security on

More information

EAP Authentication Protocols for WLANs

EAP Authentication Protocols for WLANs C H A P T E R 7 EAP Authentication Protocols for WLANs The second in the WLAN authentication trilogy of chapters, this chapter examines the various authentication protocols such as the Extensible Authentication

More information

Huawei WLAN Authentication and Encryption

Huawei WLAN Authentication and Encryption Huawei WLAN Authentication and Encryption The Huawei integrated Wireless Local Area Network (WLAN) solution can provide all-round services for municipalities at various levels and enterprises and institutions

More information

Configuring Wired 802.1x Authentication on Windows Server 2012

Configuring Wired 802.1x Authentication on Windows Server 2012 Configuring Wired 802.1x Authentication on Windows Server 2012 Johan Loos johan@accessdenied.be Version 1.0 Why 802.1x Authentication? The purpose of this document is to guide you through the procedure

More information

RA-MPLS VPN Services. Kapil Kumar Network Planning & Engineering Data. E-mail: Kapil.Kumar@relianceinfo.com

RA-MPLS VPN Services. Kapil Kumar Network Planning & Engineering Data. E-mail: Kapil.Kumar@relianceinfo.com RA-MPLS VPN Services Kapil Kumar Network Planning & Engineering Data E-mail: Kapil.Kumar@relianceinfo.com Agenda Introduction Why RA MPLS VPNs? Overview of RA MPLS VPNs Architecture for RA MPLS VPNs Typical

More information

An Architectural Framework for Providing WLAN Roaming

An Architectural Framework for Providing WLAN Roaming An Architectural Framework for Providing WLAN Roaming D.Vassis, G.Kormentzas Dept. of Information and Communication Systems Engineering University of the Aegean GR-83200, Karlovassi, GREECE emails:{divas;

More information

Network Security Essentials Chapter 5

Network Security Essentials Chapter 5 Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got

More information

7.1. Remote Access Connection

7.1. Remote Access Connection 7.1. Remote Access Connection When a client uses a dial up connection, it connects to the remote access server across the telephone system. Windows client and server operating systems use the Point to

More information

Network Security 1 Module 4 Trust and Identity Technology

Network Security 1 Module 4 Trust and Identity Technology Network Security 1 Module 4 Trust and Identity Technology 1 Learning Objectives 4.1 AAA 4.2 Authentication Technologies 4.3 Identity Based Networking Services (IBNS) 4.4 Network Admission Control (NAC)

More information

Wireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com

Wireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com Wireless VPN White Paper WIALAN Technologies, Inc. http://www.wialan.com 2014 WIALAN Technologies, Inc. all rights reserved. All company and product names are registered trademarks of their owners. Abstract

More information

IT-Sicherheit: Sicherheitsprotokolle. Wireless Security. (unter Benutzung von Material von Brian Lee und Takehiro Takahashi)

IT-Sicherheit: Sicherheitsprotokolle. Wireless Security. (unter Benutzung von Material von Brian Lee und Takehiro Takahashi) IT-Sicherheit: Sicherheitsprotokolle Wireless Security (unter Benutzung von Material von Brian Lee und Takehiro Takahashi) ! 61 ints 5 2 Po ss e c Ac 3 Built in Security Features!!!!!! Service Set Identifier

More information

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Wireless Security All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Portability Tamper-proof devices? Intrusion and interception of poorly

More information

Wireless Security Evolution

Wireless Security Evolution Wireless Security Evolution Kevin Hayes Distinguished Engineer Atheros Communications About myself Engineer for Atheros Communications since 2000 Interests in OS and systems design, L2/L3 networking, QoS

More information

Table of Contents 1 WLAN Security 1-1

Table of Contents 1 WLAN Security 1-1 Table of Contents 1 WLAN Security 1-1 Overview 1-1 Authentication Modes 1-1 WLAN Data Security 1-2 Client Access Authentication 1-3 WLAN Security Policies 1-5 i 1 WLAN Security Overview WLAN networks feature

More information

The Importance of Wireless Security

The Importance of Wireless Security The Importance of Wireless Security Because of the increasing popularity of wireless networks, there is an increasing need for security. This is because unlike wired networks, wireless networks can be

More information

Network Security Protocols

Network Security Protocols Network Security Protocols Information Security (bmevihim100) Dr. Levente Buttyán associate professor BME Hálózati Rendszerek és Szolgáltatások Tanszék Lab of Cryptography and System Security (CrySyS)

More information

Evaluation of EAP Authentication Methods in Wired and Wireless Networks

Evaluation of EAP Authentication Methods in Wired and Wireless Networks Master Thesis Electrical Engineering October 2012 Evaluation of EAP Authentication Methods in Wired and Wireless Networks Tirumala Rao Kothaluru Mohamed Youshah Shameel Mecca School of Computing Blekinge

More information

A DISCUSSION OF WIRELESS SECURITY TECHNOLOGIES

A DISCUSSION OF WIRELESS SECURITY TECHNOLOGIES A DISCUSSION OF WIRELESS SECURITY TECHNOLOGIES Johanna Janse van Rensburg, Barry Irwin Rhodes University G01j202j7@campus.ru.ac.za, b.irwin@ru.ac.za (083) 944 3924 Computer Science Department, Hamilton

More information

Certficate Extensions and Attributes Supporting Authentication in PPP and Wireless LAN. Daniel Schwarz

Certficate Extensions and Attributes Supporting Authentication in PPP and Wireless LAN. Daniel Schwarz Certficate Extensions and Attributes Supporting Authentication in PPP and Wireless LAN Daniel Schwarz Overview: 1. Introduction I. PKIX 2. Basics I. PPP II. EAP III. 802.1x IV. X.509 certificate extensions

More information

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015 CS5490/6490: Network Security- Lecture Notes - November 9 th 2015 Wireless LAN security (Reference - Security & Cooperation in Wireless Networks by Buttyan & Hubaux, Cambridge Univ. Press, 2007, Chapter

More information

CONNECTING THE RASPBERRY PI TO A NETWORK

CONNECTING THE RASPBERRY PI TO A NETWORK CLASSROOM CHALLENGE CONNECTING THE RASPBERRY PI TO A NETWORK In this lesson you will learn how to connect the Raspberry Pi computer to a network with both a wired and a wireless connection. To complete

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

IEEE 802.1X For Wireless LANs

IEEE 802.1X For Wireless LANs IEEE 802.1X For Wireless LANs John Roese, Ravi Nalmati, Cabletron Albert Young, 3Com Carl Temme, Bill McFarland, T-Span David Halasz, Aironet Paul Congdon, HP Andrew Smith, Extreme Networks Slide 1 Outline

More information

TECHNICAL NOTE REFERENCE DOCUMENT. Improving Security for Axis Products. Created: 4 October 2007. Last updated: 11 October 2007. Rev: 1.

TECHNICAL NOTE REFERENCE DOCUMENT. Improving Security for Axis Products. Created: 4 October 2007. Last updated: 11 October 2007. Rev: 1. TECHNICAL NOTE REFERENCE DOCUMENT Improving Security for Axis Products Created: 4 October 2007 Last updated: 11 October 2007 Rev: 1.0 TABLE OF CONTENTS 1 INTRODUCTION 3 2 BEST-PRACTICE SECURITY POLICIES

More information

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https

More information

HP AP8760 Dual Radio 802.11a/b/g Access Point Overview

HP AP8760 Dual Radio 802.11a/b/g Access Point Overview Overview Models JD016A Key features Simultaneous 802.11a and 802.11b/g support PoE power/data via Category 5/6 data cables WPA/2, AES, TKIP, WEP packet encryption MAC address authentication/filtering WDS

More information

Complying with DoT Regulation on Secure Use of WiFi: Less in Letter, More in Spirit

Complying with DoT Regulation on Secure Use of WiFi: Less in Letter, More in Spirit Complying with DoT Regulation on Secure Use of WiFi: Less in Letter, More in Spirit Kaustubh Phanse, Ph.D. Hemant Chaskar, Ph.D. Pravin Bhagwat, Ph.D. Wireless Architect Director, Technology CTO AirTight

More information

Wireless Network Security Challenges

Wireless Network Security Challenges Wireless Network Security Challenges SHARE Summer 2010 Boston Laura Knapp WW Business Consultant Applied Expert Systems (www.aesclever.com) laurak@aesclever.com laura@lauraknapp.com Networking - Connecting

More information

QuickSpecs. Model. Key features Can connect wired device to a wireless network Single radio IEEE 802.11a/b/g Two external antennas Indoor enclosure

QuickSpecs. Model. Key features Can connect wired device to a wireless network Single radio IEEE 802.11a/b/g Two external antennas Indoor enclosure Overview Model HP M111 Client Bridge US HP M111 Client Bridge JP J9389A J9523A Key features Can connect wired device to a wireless network Single radio IEEE 802.11a/b/g Two external antennas Indoor enclosure

More information